Your Data Matters

GDPR Compliance Data Protection Consultancy

A leading GDPR consultancy and data protection firm, we specialise in advising organisations on how to comply with Data Protection legislation and remain compliant in an ever-changing regulatory environment.

About Us

GDPR Advisor offers a data protection consultancy service, specialising in GDPR compliance. We help organisations of all sizes to understand and manage their data risks.

GDPR Advisor is a consultancy that provides guidance and advice on data protection compliance obligations for organisations subject to the General Data Protection Regulation (GDPR), through its services, GDPR Advisory Service and GDPR Implementation Services.

The company’s primary goal is to assist businesses in complying with their data protection obligations under the EU General Data Protection Regulation (GDPR). It assists organisations by providing them with guidance on how to fulfil their responsibilities as well as implementing those practices within an organisation. GDPR compliance consultancy also helps individuals who live outside of Europe but are subject to the legislation by providing information about what this means for them and suggesting solutions.

GDPR compliance consultancy

We help you deal with the most common challenges GDPR compliance presents.

GDPR compliance offers a range of services to help you meet your obligations under the new regulations, including advice and guidance on how to process personal data in compliance with the law, training for staff and management, implementation of appropriate safeguards such as pseudonymisation and encryption, compliance audits and legal reviews in the UK.

Services

A comprehensive approach to data protection compliance by offering solutions tailored specifically to each client's needs

GDPR compliance consultancy

Our general consultancy services help you comply with the GDPR regulation and stay on top of all the new guidelines for your company.

GDPR data protection

We provide our clients with a single point of contact for all GDPR-related services including data protection officer as a service.

Data gap analysis

We offer a GDPR gap analysis to help you identify the actionable steps needed to close gaps in your data protection.

Data mapping

Data mapping will help you map all your data and identify the personal data that requires protection under GDPR.

GDPR encryption

GDPR encryption is a powerful privacy and security solution that protects sensitive documents and files from unauthorised access.

Data audit

A comprehensive review of your data privacy practices, a GDPR audit protects your company from any potential fines or penalties.

Frequently Asked Questions

GDPR is short for General Data Protection Regulation. The GDPR is a piece of legislation made by the European Union (EU) that came into force on May 25th, 2018. GDPR changes how organisations must handle the data of EU citizens and requires organisations to have GDPR-compliant practices in place.

GDPR is a framework for how EU personal data may be collected and processed, including its storage and transfer between servers located in various European countries. GDPR applies not only to EU companies but also to overseas organisations with ties to the EU, namely those who offer goods or services to EU citizens, or monitor the behaviour of such citizens.

The GDPR requires that companies protect the personal data and privacy of EU citizens by designating a Data Protection Officer (DPO) who is responsible for GDPR compliance.

Companies must also provide clear information about how they collect, store and use EU citizen data; obtain explicit consent from users prior to collection; employ methods of security that show GDPR compliance through encryption, firewalls and anonymisation; be able to restore any lost or stolen data within 72 hours; disclose breaches within 72 hours of discovery; and demonstrate compliance with GDPR audit requests on demand.

The GDPR only applies to personal data, which is any piece of information that relates to an identifiable person. Controllers and processors of such information must comply with the GDPR. The GDPR defines controller and processor as a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of processing personal data.

The GDPR applies to all companies that control user data regardless of where in the world it is held. GDPR laws apply to organisations around the globe who offer services to EU citizens; process personal information of EU clients; use cookie identifiers; engage third party proxies such as Facebook plug-ins, YouTube video players etc., whether they are established in Europe or not.

It is necessary to have a GDPR compliance strategy in place to control your GDPR risks:

Firstly, you should audit your systems in order to identify and document all personal data that you hold, where it came from, what the storage requirements are and how it is used.

Next, you need to prioritise your GDPR risks and assess how GDPR laws apply to your organisation. Are you GDPR compliant in terms of what personal information you hold? Do you process personal data under GDPR laws or is it being processed by a third party on your behalf?

At this point it is necessary to consider the risk profile: if the data is highly sensitive then GDPR compliance becomes vital as a matter of corporate reputation. If there are large numbers of records involved then GDPR can be quite costly in terms of time and money.

When these have been addressed, a GDPR solution should be put together that helps you achieve GDPR compliance with minimum financial impact on the business while maintaining regulatory compliance standards.

Under GDPR there are three main levels of breach that can occur:

1. GDPR infringement – There are two tiers of GDPR infringement and in tier one the fine is up to 20 million Euros or 2% of global turnover, whichever is higher. Alternatively if you have acted with negligence then GDPR fines can be up to 10 million Euros or 2% of global turnover, whichever is higher.

2. GDPR data subject complaint – If a complaint has been made by an individual (data subject) as a result of GDPR non-compliance and this cannot be resolved amicably, then the ICO could investigate the matter further. This investigation would include looking at what measures you had taken to comply with GDPR and what conclusions the ICO could come to. GDPR fines under this point are capped at 4% of global turnover (profits) or 20 million Euros, whichever is higher – so it makes sense for companies to take GDPR compliance seriously.

3. GDPR data incident report – If you have experienced a breach which is likely to result in a high risk to the rights and freedoms of an individual, then GDPR requires that you report this breach to the ICO within 72 hours of becoming aware of it. GDPR fines are tiered according to severity and for most breaches will be 2% or up to 10 million Euros, whichever is higher. In some extreme cases however GDPR fines can also be as much as 4% or 20 million Euros.

Want to learn more about GDPR?

If you are a business owner or marketer looking to learn more about the new GDPR regulations, we have a few resources that can get you started. Contact us today and one of our experts will be happy to speak with you in person or via phone call regarding how this legislation may affect your marketing strategy moving forward.
